summaryrefslogtreecommitdiffstats
path: root/ldap/servers/slapd/modify.c
Commit message (Collapse)AuthorAgeFilesLines
* Bug 631993 - Log authzid when proxy auth control is usedNathan Kinder2010-10-081-18/+100
| | | | | | This patch makes the access log entries for search, add, mod, del, and modrdn operations display the authzid that is used when the proxy authorization control is sent by the client.
* Bug 612264 - ACI issue with (targetattr='userPassword')Nathan Kinder2010-09-011-5/+10
| | | | | | | | | | | | | | If an ACI has a targetattr of userPassword and uses the USERDN keyword, the ACI may not be evaluated correctly for password change operations. This is caused by the fact that we use a dummy target entry to check if the pasword change is allowed early in the operation. This dummy entry will not have any attributes that the ACI may use. The fix is to actually fetch the target entry with all of it's attributes. We still create a dummy entry if the target doesn't exist to prevent returning a no such entry error when we should be returning an access denied or insufficient access error.
* Bug 611850 - fix coverity Defect Type: Error handling issuesRich Megginson2010-07-061-1/+0
| | | | | | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=611850 Resolves: bug 611850 Bug Description: fix coverity Defect Type: Error handling issues Reviewed by: nhosoi (Thanks!) Branch: HEAD Fix Description: Check the error return from the functions. In some cases, I was able to figure out that the calling function should perform additional error handling (return early, goto error label), but in general the code just logs an appropriate error message and continues. I was able to get rid of some more libacl code. I removed an unused variable from modify.c Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
* Bug 602530 - coverity: op_shared_modify: compare pre, post and original ↵Rich Megginson2010-07-011-4/+18
| | | | | | | | | | | | | | | entries before freeing them https://bugzilla.redhat.com/show_bug.cgi?id=602530 Resolves: bug 602530 Bug Description: coverity: op_shared_modify: compare pre, post and original entries before freeing them Reviewed by: nhosoi (Thanks!) Branch: HEAD Fix Description: Get the pre entry and post entry separately, compare them to e and to each other before attempting to free them. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
* Bug 604263 - Fix memory leak when password change is rejected389-ds-base-1.2.6.rc2Nathan Kinder2010-06-151-0/+1
| | | | | | | | | If a password is changed using the password modify extended operation, the modify used to modify the password will be leaked if the change is rejected due to password policy or access control settings. This patch frees the mod when the password change is rejected.
* 591336 - Implementing upgrade DN format toolNoriko Hosoi2010-05-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Change description: . adding upgradednformat utility to each server instance. . adding 91upgradednformat.pl for in-place-upgrade. . implementing ldbm_back_upgradednformat sharing the import/ reincexing codes. . adding a new DBVERSION ID "dn-4514" for the upgraded db. . fixing access logs (delete.c and modify.c) . fixing compiler warnings. . fixing memory leaks. . fixing a bug in syntax plugin to free strings. . adding templates for plugin id, version, vendor, and description, which are needed for the online upgrade. . dbversion_write takes an additional bit flags, which indicates which extra DBVERSION strings are written to the DBVERSION file. It was introduced for the upgrade tools not to intervene each other's tasks (e.g., dn2rdn for converting entrydn to entryrdn and upgradednformat for upgrading the DN format). . fixing a bug in entryrdn index code which was missing to normalize RDN. See also: https://bugzilla.redhat.com/show_bug.cgi?id=591336 http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format#Migration.2FUpgrade
* Update to New DN FormatNoriko Hosoi2010-04-261-4/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix Description: . adding slapi_dn_normalize_ext and its siblings to normalize/validate invalid DNs; deprecating slapi_dn_normalize and its siblings. (dn.c) . replacing slapi_dn_normalize with new corresponding functions. . normalizing hardcoded DNs (e.g., removing spaces around ',') . setting correct DN syntax to nsslapd-suffix, nsslapd-ldapiautodnsuffix, costemplatedn, nsslapd-changelogsuffix, nsBaseDN, nsBindDN . if nsslapd-dn-validate-strict is enabled, incoming DN is examined and rejected if it is invalid. Once approved, the DN is normalized. . fixing compiler warnings and typos. See also: http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format Related bugs: Bug 199923 - subtree search fails to find items under a db containing special characters Bug 567968 - subtree/user level password policy created using 389-ds-console doesn't work. Bug 570107 - The import of LDIFs with base-64 encoded DNs fails, modrdn with non-ASCII new rdn incorrect Bug 570962 - ns-inactivate.pl does not work Bug 572785 - DN syntax: old style of DN <type>="<DN>",<the_rest> is not correctly normalized Bug 573060 - DN normalizer: ESC HEX HEX is not normalized Bug 574167 - An escaped space at the end of the RDN value is not handled correctly
* Bug 195302 - Allow fine-grained password storage scheme to be setNathan Kinder2009-12-011-2/+8
| | | | | | | | | This patch makes the server use the password storage scheme set in the appropriate fine-grained password policy (if it is set). The previous code was always using the global storage scheme. This fix was based off of a fix contributed by Ulf Weltman of Hewlett Packard.
* OpenLDAP supportRich Megginson2009-07-071-1/+3
| | | | | | | | | | These changes allow the server to be built with OpenLDAP (2.4.17+). A brief summary of the changes: * #defines not provided by OpenLDAP were copied into slapi-plugin.h and protected with #ifndef blocks * where it made sense, I created slapi wrapper functions for things like URL and LDIF processing to abstract way the differences in the APIs * I created a new file utf8.c which contains the UTF8 functions from MozLDAP - this is only compiled when using OpenLDAP * I tried to clean up the code - use the _ext versions of LDAP functions everywhere since the older versions should be considered deprecated * I removed some unused code NOTE that this should still be considered a work in progress since it depends on functionality not yet present in a released version of OpenLDAP, for NSS crypto and for the LDIF public API.
* Fix various compiler warningsRich Megginson2009-05-191-1/+1
| | | | | | | | | | | | | | | | | | 1) Make sure we use "const" consistently 2) Make sure we use "unsigned char" consistently for some reason (unsigned char)*p did not compare to '\xHH' literals unless the literal was also cast to (unsigned char) 3) added some missing function prototypes 4) removed some unused variables/functions, or commented out for use when debugging 5) various other compiler warnings With all of these, the code compiles cleanly on RHEL5 x86_64 using gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-44) and CFLAGS="-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic" The only warning now is the spurious message about %llu or %lld having the wrong format argument. Reviewed by: nhosoi (Thanks!)
* Resolves: 184141Nathan Kinder2009-01-151-4/+13
| | | | Summary: Make password modify extop work properly with the password policy control.
* Resolves: bug 454030Rich Megginson2008-12-051-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | Bug Description: Need to address 64-bit compiler warnings - again Reviewed by: nhosoi (Thanks!) Fix Description: This patch cleans up most of the other remaining compiler warnings. I compiled the directory server code with these flags on RHEL5 x86_64: -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic I also enabled argument/format match checking for most of the commonly used varadic functions. Most of the problems I found fell into these categories: 1) Too many or not enough arguments e.g. most everything that uses or did use LDAPDebug had extra 0,0 arguments. If they had been switched to use slapi_log_error, I removed the extra arguments - for those places still using LDAPDebug, I introduced more macros to handle the number of arguments, since C macros cannot be varadic. 2) When using NSPR formatting functions, we have to use %llu or %lld for 64-bit values, even on 64-bit systems. However, for regular system formatting functions, we have to use %ld or %lu. I introduced two new macros NSPRIu64 and NSPRI64 to handle cases where we are passing explicit 64-bit values to NSPR formatting functions, so that we can use the regular PRIu64 and PRI64 macros for regular system formatting functions. I also made sure we used NSPRI* only with NSPR functions, and used PRI* only with system functions. 3) use %lu for size_t and %ld for time_t I did find a few "real" errors, places that the code was doing something definitely not right: https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/aclinit.c_sec4 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/acl/acllas.c_sec17 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/http/http_impl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/memberof/memberof.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_api.c_sec5 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/cl5_clcache.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/plugins/replication/replutil.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/libglobs.c_sec1 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/dbverify.c_sec2 https://bugzilla.redhat.com/attachment.cgi?id=325774&action=diff#ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c_sec3 This is why it's important to use this compiler checking, and why it's important to fix compiler warnings, if for no other reason than the sheer noise from so many warnings can mask real errors. Platforms tested: RHEL5 Flag Day: no Doc impact: no
* Resolves: 470918Nathan Kinder2008-11-131-1/+1
| | | | Summary: Made replica_set_updatedn detect value add modify operations properly.
* Resolves: 207457Nathan Kinder2008-10-241-1/+1
| | | | Summary: Convert counters to 64-bit capable Slapi_Counter type.
* Related: 207457Nathan Kinder2008-10-171-4/+4
| | | | Summary: Add support for 64-bit counters (phase 1).
* Resolves: #188320Noriko Hosoi2007-10-181-1/+1
| | | | Summary: HP-UX: warnings reported by the HP-UX compiler
* Resolves: 268101Nathan Kinder2007-10-051-3/+5
| | | | Summary: Added new operation flag to skip writing modifiresname and related attributes. Updated password policy internal operations to use this new flag.
* Resolves: #214533Noriko Hosoi2006-11-101-0/+5
| | | | | | | | | | Summary: configure needs to support --with-fhs (Comment #6) Changes: Added the following include next to the end of the copyright block. + +#ifdef HAVE_CONFIG_H +# include <config.h> +#endif +
* Bug(s) fixed: 185780Rich Megginson2006-10-121-0/+1
| | | | | | | | | | | Bug Description: one byte memory leak in modify Reviewed by: nhosoi (Thanks!) Files: see diff Branch: HEAD Fix Description: Just call slapi_ch_free_string() with the mod->mod_type. This is safe to call with NULL. Platforms tested: RHEL4 Flag Day: no Doc impact: no
* 204517 - Use new ber types throughout the server code.Nathan Kinder2006-08-311-9/+10
|
* 190724 - Array initialization needed to be changed to fix a HP-UX PA ↵Nathan Kinder2006-05-051-1/+3
| | | | compilation error
* 190724 - Evaluate ACIs before checking password syntaxNathan Kinder2006-05-051-1/+33
|
* Bug(s) fixed: 179135Rich Megginson2006-02-231-2/+5
| | | | | | | | | | | | | | | | | | | | | | | Bug Description: memory leaks using ber_scanf when handling bad BER packets Reviewed by: All (Thanks!) Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=123783 Branch: HEAD Fix Description: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135#c0 I basically did a search through our code for all calls to ber_scanf, ber_get_stringa, and ber_get_stringal and made sure we properly free any arguments that may have been allocated. There was a bug in the ldapsdk https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135 that causes us to free uninitialized memory when trying to clean up the result of ber_get_stringal (or ber_scanf with 'V'). I had to initialize some variables to NULL so that we could properly clean them up, and added some additional clean ups that were missing. Also, in repl_extop.c, we were calling free on an array that we should have been calling ch_array_free on. Yet another lesson in the evils of slapi_ch_free and disabling compiler type checks in general. Platforms tested: Fedora Core 4 Flag Day: no Doc impact: no
* 178867 - Enhanced password syntax checkingNathan Kinder2006-01-251-6/+8
|
* Fixed licensing typoNathan Kinder2005-04-191-1/+3
|
* 155068 - Added license to source filesNathan Kinder2005-04-151-0/+30
|
* clean up sprintf usage and many other flawfinder issues; clean up compiler ↵Rich Megginson2005-03-051-1/+0
| | | | warnings on Linux; remove pam_passthru from DS 7.1
* 149951 - Updated source code copyrightsNathan Kinder2005-02-281-2/+2
|
* PAM pass through auth plugin supportRich Megginson2005-02-071-2/+2
|
* Add password change extended operation support.David Boreham2005-01-281-41/+40
|
* Moving NSCP Directory Server from DirectoryBranch to TRUNK, initial drop. ↵ldapserver7xcvsadm2005-01-211-0/+966
(foxworth)